CN103270518A - Virtual machine validation - Google Patents
- Authority: CN (China)
- Prior art keywords: trusted host, configuration data, data structure, requirement, host environment
- Legal status: Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/44—Arrangements for executing specific programs
            - G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
              - G06F9/45533—Hypervisors; Virtual machine monitors
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
A system, method, computer program product and computer program for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the system comprising: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.
Description
Technical field
The present invention relates to computer virtual machines. In particular, it relates to apparatus and methods for the validation of virtual machines.
Background
A virtual machine (VM) is a software implementation of a physical computer. A computer program designed to execute on a physical machine executes in a similar fashion when run on a VM. A VM provides a complete system platform that supports a complete operating system (OS). A physical machine can be shared between users, each using a different VM that runs a different OS.
Modern processor architectures have enabled virtualization technologies that allow multiple operating systems and VMs to run on a single physical machine. These technologies use a hypervisor layer that runs directly on the physical hardware; the hypervisor mediates access to the physical hardware by offering a virtual hardware layer to the operating system running in each virtual machine. The hypervisor can operate on the physical machine in conjunction with a "native VM". Alternatively, the hypervisor can operate in conjunction with a "hosted VM" that runs at a higher software level, on top of an operating system running on the physical machine.
Examples of VM technology include:
- Kernel-Based Virtual Machine (KVM), which allows one or more Linux or other virtual machines to run on an underlying Linux system running KVM.
- Xen, which allows guest (virtualized) Linux to run on Linux.
- Parallels, which allows Linux and Windows to run on Mac OS X.
- VMware, which allows Linux and Windows systems to run on Mac OS X, Windows and Linux systems.
(Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States, other countries, or both.)
A Trusted Platform Module (TPM) is a system that meets the security specification defined by the Trusted Computing Group (TCG). It is usually implemented as a component of a computer system that provides cryptographic keys for protecting information. A TPM can also provide remote attestation, which makes changes to the computer system detectable by authorized parties. A TPM can be implemented in hardware, in software, or in a combination of both.
A virtual TPM (vTPM) provides TPM services to VMs running within a hypervisor. A vTPM is defined as a TPM implemented in software; it can offer TPM services to anything, not only to a VM. Throughout the lifetime of a VM, the VM and its associated vTPM are kept securely together, even when the VM is migrated from one physical machine to another. The vTPM must also maintain a secure association with the underlying trusted computing base.
A vTPM can be hosted in user space within a VM, in a secure coprocessor, or in its own separate VM.
A VM deployed to a data center may have many requirements about its running environment. These requirements may include the type of hardware, or some lower-level system configuration that is outside the VM's sight and control. Such requirements can be stipulated in a service level agreement (SLA) and may form part of industry regulations. When a VM is migrated between different systems, it is easy to violate one of these requirements. When administrators change their systems, they may not be aware of the VM's requirements and may again violate them.
For a system owner who has deployed a VM at a remote data center, verifying that these requirements are met is very difficult. Even a system owner who can see the data center system still finds it inconvenient to verify that its requirements are met.
Although VMs offer cost benefits to platform owners, VMs need to be protected from malicious attack. One way is to use a root of trust, such as a hardware-based Trusted Platform Module (TPM), which assesses the integrity of all software running on the platform, including the operating systems, hypervisors and applications running within the VMs. A TPM allows remote attestation through digitally signed cryptographic hashes of the software components. In this context, "attestation" means providing evidence of exactly which software and hardware components were booted; "validation" means attestation, verification, or a combination of their effects.
TPMs and trusted computing do not guard against situations that may violate a service level agreement (SLA).
Therefore, there is a need in the art to address the shortcomings of known trusted computing systems.
Summary of the invention
Viewed from one aspect, the present invention provides a system for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the system comprising: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM in the trusted host environment.
Preferably, the invention provides a system wherein the verify component, responsive to the compare component determining that the configuration data does not match the requirement, is further operable to deny verification of the VM in the trusted host environment.
Preferably, the invention provides a system wherein the store component is a hypervisor; wherein the at least one cryptographic data structure is at least one platform configuration register (PCR); wherein the at least one cryptographic data structure is associated with a further trusted host environment of the VM; wherein the trusted host environment comprises a trusted platform module; and wherein the system further comprises a first server comprising the trusted host environment and a second server comprising the control component.
Viewed from a second aspect, the present invention provides a method for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the method comprising the steps of: cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; in response to the step of storing the configuration data, sending the at least one cryptographic data structure to a control component; in response to the step of receiving the at least one cryptographic data structure, analysing the at least one cryptographic data structure; in response to the step of determining the configuration data, comparing the configuration data with the requirement; and in response to the step of determining that the configuration data matches the requirement, allowing verification of the VM in the trusted host environment.
Preferably, the invention provides a method further comprising, in response to the step of determining that the configuration data does not match the requirement, denying verification of the VM in the trusted host environment.
Preferably, the invention provides a method wherein the step of cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure comprises the step of cryptographically storing the configuration data associated with the trusted host environment in at least one platform configuration register (PCR); wherein the method further comprises the step of associating the at least one cryptographic data structure with a further trusted host environment of the VM; wherein the trusted host environment comprises a trusted platform module; and wherein the method further comprises providing a first server comprising the trusted host environment and providing a second server comprising the control component.
Viewed from a further aspect, the present invention provides a computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the computer program product comprising a computer-readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing the steps of the method of the invention.
Viewed from a further aspect, the present invention provides a computer program stored on a computer-readable medium and loadable into the internal memory of a digital computer, comprising software code portions for performing the method of the invention when said program is run on a computer.
Advantageously, the invention provides a method that allows a system owner to verify remotely that its requirements are met. The invention extends the use of a virtual trusted platform module (vTPM) to report more than the VM's own software configuration.
Advantageously, existing remote verification methods can still be performed using the trusted boot of the system, so the owner can be sure that it is running a known and trusted software configuration.
Advantageously, the VM owner can also check the environmental requirements of the system by reserving a platform configuration register (PCR) for use by the system hypervisor. The hypervisor sits directly below the virtual machines and has direct control over the system's hardware. The hypervisor is therefore in the best position to report the system state and configuration that the VM's environmental requirements concern. Because the vTPM device is virtual and is loaded from the hypervisor, this solution allows the hypervisor to set one or more PCRs to reflect the environment. When the VM is running and a verification is performed, the VM owner can see the state of the environment through the PCR and thus check that its requirements are met. Advantageously, the VM owner can check the system settings even when it only has access to the VM running on the system.
Advantageously, the vTPM and the hypervisor communicate with each other. One or more PCRs are allocated for storing measurements of items outside the VM's sight. Advantageously, the components below the VM cooperate to measure the items of interest and propagate the measurements into one or more PCRs of the vTPM. Remote verification can also validate the allocated PCR(s) against a policy. When the VM is attested, it reports not only the state of the software that was booted, but also some information about the server on which the VM is running.
Advantageously, known tools can be extended so that the attestation feature includes, for example, verification of PCR8, to ensure that the system complies with environmental requirements, such as the state of the "dev" user of the flexible service processor (FSP). This makes managing many VMs with such requirements easy. The FSP is a small control computer system that resides within the system. (IBM and POWER6 are trademarks of International Business Machines Corporation in the United States, other countries, or both.)
In the current state of the art, a VM cannot check the FSP for such a configuration. The present invention solves this problem because the FSP, the hypervisor and the vTPM are all connected and can measure each other, and the measurement is then reported via the allocated PCR.
Advantageously, for a service level agreement (SLA) that requires a VM to run on a particular type of central processing unit (CPU), such data and attestations reported via a PCR are valuable to the consumer. Attestation and subsequent verification can help prove that the SLA is satisfied, particularly if the VM is migrated to another physical system at any time.
Advantageously, the VM owner can check the system settings even when it only has access to the VM running on the system. A PCR is allocated for storing measurements of items outside the VM's sight. The components below the VM cooperate to measure the items of interest and propagate the measurement into the PCR of the vTPM, for example by the vTPM and the hypervisor communicating with each other. Attestation and verification can validate the allocated PCR against a policy.
Brief description of the drawings
Preferred embodiments of the present invention will now be described, by way of example only, with reference to the following figures:
Fig. 1 is a block diagram depicting a data processing system according to the prior art, in which a preferred embodiment of the present invention may be implemented;
Fig. 2 is a block diagram depicting two physical servers according to the prior art, in which a preferred embodiment of the present invention may be implemented;
Fig. 3 is a high-level exemplary schematic flow diagram depicting the operational steps of a method for providing trusted data for a virtual machine (VM), according to a preferred embodiment of the present invention;
Fig. 4 is a high-level exemplary schematic flow diagram depicting the operational steps of a method for providing validation of the compliance of a trusted host environment with a requirement of a VM, according to a preferred embodiment of the present invention;
Fig. 5 is a block diagram depicting platform configuration registers (PCRs) according to a preferred embodiment of the present invention;
Fig. 6 is a block diagram depicting a server according to a preferred embodiment of the present invention; and
Fig. 7 is a block diagram depicting a control program, operable on a workstation in communication with the server, according to a preferred embodiment of the present invention.
Detailed description of embodiments
Fig. 1 is a block diagram depicting a data processing system 100 according to the prior art, in which a preferred embodiment of the present invention may be implemented. The data processing system comprises a workstation 120 and servers 150, 160. The workstation 120 and the servers 150, 160 can be connected by a network 110.
Fig. 2 is a block diagram depicting two servers 150 and 160 according to the prior art, in which a preferred embodiment of the present invention may be implemented. A hypervisor 256 runs on the physical hardware 252 of physical server 150 and allows native VMs 152 and 156 to run on the hypervisor 256. VMs 152 and 156 are each isolated from one another and operate as if they were each running a whole operating system. The hypervisor 256 emulates hardware for each VM 152 and 156, so that when VM 152 or 156 wishes to access its virtualized hardware devices (for example an Ethernet card or a Small Computer System Interface (SCSI) controller), the hypervisor 256 intercepts these instructions and converts them into accesses to the physical hardware 250.
An operating system (OS) 264 runs on the physical hardware 262 of physical server 260. A hypervisor 266 runs on OS 264. A guest VM 166 runs on the hypervisor 266. A VM 280 runs on OS 264.
A system translator (ST) 268 is a software component that allows a whole system (OS 264 and applications 154, 158) designed for one instruction set architecture (ISA) (for example, Sun SPARC) to run on a system of a different ISA. (IBM and POWER6 are trademarks of International Business Machines Corporation in the United States, other countries, or both.) ST 268 acts as a layer between VM 280 and physical hardware 262.
As depicted in Fig. 2, ST 268 can run within the operating system (not shown) in guest VM 280. In this case OS 264 and a user-space program start up, and together they provide the system translation function. ST 268 provides the single VM 280 with services similar to those that hypervisors 256, 266 provide to the multiple VMs 152, 156 running on physical machines 150, 160. ST 268 emulates hardware in the same way as hypervisors 256, 266, but emulates hardware of a different architecture. In addition, ST 268 translates the instructions that VM 280 expects to execute. A system translator typically uses binary translation to transform machine instructions from one ISA into another. Hardware emulation is also used, so that the entire machine is emulated and the whole system image runs unmodified.
In an alternative embodiment, ST 268 can run as part of the hypervisor 266. In an alternative embodiment, ST 268 can run directly within the hypervisor 266; in this embodiment, ST 268 runs as the OS operating within VMs 152, 156, 166 and 280. In further alternative embodiments, ST 268 can run within native OS 264; as a layer on top of native OS 264; or as a layer between VMs 152, 156, 166, 280 and physical hardware 252, 262.
The functions of ST 268 in normal operation include translating instructions and emulating hardware. Instruction translation uses binary translation to execute the instructions required by VM 280 on a different physical architecture. Hardware emulation provides a mechanism by which the OS being translated sees the hardware it expects to exist. This includes, for example, network interface cards, memory controllers, interrupt controllers, read-only memory (ROM) and random-access memory (RAM).
Fig. 3 (which should be read in conjunction with Figs. 4, 5, 6 and 7) is a high-level exemplary schematic flow diagram 300 depicting the operational steps of a method for providing trusted data for a virtual machine (VM), according to a preferred embodiment of the present invention. Fig. 4 is a high-level exemplary schematic flow diagram 400 depicting the operational steps of a method for providing validation of the compliance of a trusted host environment with a requirement 720 of a VM, according to a preferred embodiment of the present invention. Fig. 5 is a block diagram depicting platform configuration registers (PCRs) 505, 555 according to a preferred embodiment of the present invention. Fig. 6 is a block diagram 600 depicting server 150 according to a preferred embodiment of the present invention. Fig. 7 is a block diagram depicting a control program 118, operable on a workstation 120 in communication with server 150, according to a preferred embodiment of the present invention.
The present invention will be described using the IBM POWER6 virtualization architecture as an example only. Those skilled in the art will appreciate that the present invention can equally be applied to other virtualization architectures.
As an example illustrating the invention, the remote attestation is concerned with whether a "sample" user account is enabled on the underlying server. Those skilled in the art will appreciate that remote attestation can be concerned with any number of items of information about the underlying server. For example, other configuration flags can be reported via the mechanism described by the present invention, such as debug modes, dump modes, fault flags, firmware versions, hardware settings and more.
The method starts at step 301, when power is applied to server 150. At step 305, the basic input/output system (BIOS) brings up the hardware 620 of server 150. Server 150 also comprises non-volatile memory (NVRAM) 630, in which reside code 635 and configuration 635 for the hypervisor (also referred to as PHYP) 645. The small control computer system that resides in POWER systems is referred to as the flexible service processor (FSP) 605. FSP 605 controls NVRAM 630 and is responsible for loading and updating hypervisor 645 using loader code 610. Control and update of hypervisor 645 is considered restricted (only digitally signed updates can be applied), so hypervisor 645 is considered to form part of the core root of trust (CRT). At step 310, hypervisor code 635 is loaded and hypervisor 645 is started on server 150.
When server 150 starts, a trusted platform module (TPM) process 315 starts, recording events in a host database 622 and storing the results of cryptographic measurements in a set of PCRs 505 in TPM 628. TPM 628 is stored in a secure location on server hardware 620. Trusted boot is the process of establishing a chain of trust as a computing system boots. Using TPM process 315, the components being booted can be cryptographically measured and the results stored cryptographically in PCRs 505 of TPM 628. PCRs 505 are initialized at power-up and modified using an extend function. Each boot component measures the next boot component by computing a cryptographic hash of the byte array representing that next component. The resulting value is cryptographically chained with the existing PCR 505 value. Once start-up completes, the final set of PCRs 505 represents the chain of trust. Once the system is running, a remote attestation process (for example Direct Anonymous Attestation (DAA) in control program 118) can be used by a remote system to extract the chain of trust for verification. The values of PCRs 505 are used to determine whether the server is trusted. The PCR extend process covers the whole boot process, including for example the BIOS, the boot loader (for example the loading of the hypervisor), the start of any native operating system (OS) 264 and the start of any native applications. Fig. 5 depicts an exemplary set of PCRs 505, showing the locations of the different cryptographic hashes for the start-up process. For example, PCR_0 holds in field 510 the cryptographic hash for the core root of trust for measurement (CRTM). The CRTM represents the BIOS boot block code and is always considered trusted.
At step 320, the hypervisor starts one of the VMs 152. NVRAM 630 also contains the virtual trusted platform module (vTPM) code 640. Each of VMs 152, 156 runs on hypervisor 645, and the associated vTPM 555 allows VMs 152, 156 to perform a trusted boot and subsequent remote attestation. At step 325, vTPM code 640 is loaded. VM 152 records its start-up events in a VM database 665 and, during its start-up, establishes a set of virtual PCRs (vPCRs) 555 in its vTPM 655. Similarly to the start-up of the base system in steps 305, 310 and 315, software components are loaded (step 330), the following component is cryptographically measured (step 335), and the result is stored in vPCRs 555. At step 345, a determination is made as to whether VM 152 has been fully started. If further components remain to be loaded, control returns to step 330. Further components may include applications 154, 158 and 168. In a preferred embodiment, responsibility for updating vPCRs 555 is passed to hypervisor 645. In an alternative embodiment, VM 152 updates its own vPCRs 555. In this example, because VM 152 starts in eight levels, vPCR_0 to vPCR_7 are updated.
vTPMs can be stored in various locations. In a preferred embodiment, each VM 152, 156 controls its own associated vTPM 655. In an alternative embodiment, all vTPMs 655 are controlled by a management VM, and accesses are routed from the corresponding VM 152, 156 to the appropriate vTPM 655. Those skilled in the art will appreciate that many different architectures can be provided to control vTPMs 655.
If there are no further components to load, VM 152 is started and control proceeds to step 350. At step 350, hypervisor 645 is granted access to vPCR_8 565. vPCR_8 565 is not used by step 320. At step 355, FSP 605 records the Secure Hash Algorithm (SHA-1) hash of the "/etc/passwd" file of server 150, which has a known measurement in the default configuration. Those skilled in the art will appreciate that other cryptographic algorithms could be used. At step 360, FSP 605 and hypervisor 645 together (collude to) pass this measurement on, using the hash to extend PCR_8 565. The PCR 565 identified for holding the configuration data associated with the trusted host environment is reserved for this use only. At step 365, access to the vTPM is secured, to ensure that there is no casual access that could endanger its trustworthiness.
In an alternative embodiment, hypervisor 645 records system information in more than one vPCR location not used by the VM start-up process 320.
At step 370, if there is any update to the "/etc/passwd" file of server 150, control returns to step 350. For example, administrator 114 makes a change to FSP 605 and enables the "dev" user account. The SHA-1 hash of the "/etc/passwd" file then becomes another known value. In this embodiment, hypervisor 645 instructs vTPM 655 to extend PCR_8 565 again with the new measurement, and instructs VM 152 to record this update in the virtual database 665, thereby giving PCR_8 565 a new, but still unique, known and predictable, value that reflects the state of the FSP "/etc/passwd" file.
At step 399, the method proceeds to the validation method of Fig. 4.
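The host-side steps 320 to 370 above, as an added Python example that is not code from the patent or from IBM: a VM trusted boot fills vPCR_0 to vPCR_7 through the TPM extend operation, then the hypervisor extends the SHA-1 hash of the host's /etc/passwd into the reserved vPCR_8 and extends it again when the file changes. Assumed here: TPM 1.2-style 20-byte SHA-1 registers that start at zero, a vTPM modelled as a plain Python object, and constructed sample boot images and password-file contents.

```python
from __future__ import annotations
import hashlib

PCR_LEN = 20    # assumption: TPM 1.2-style PCRs, one 20-byte SHA-1 digest each
NUM_PCRS = 24
ENV_PCR = 8     # vPCR_8 (565 in the figures), reserved for host environment data


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new = SHA-1(old || measurement). A PCR is never overwritten,
    so its value depends on every measurement extended into it and on their order."""
    return sha1(pcr + measurement)


class VTPM:
    """Minimal model of vTPM 655 (assumption: a plain object, no TPM command set)."""

    def __init__(self) -> None:
        self.pcrs: list[bytes] = [bytes(PCR_LEN)] * NUM_PCRS   # all zero at power-up
        self.event_log: list[tuple[int, str, bytes]] = []       # plays the role of VM database 665

    def extend_pcr(self, index: int, measurement: bytes, description: str) -> bytes:
        self.pcrs[index] = extend(self.pcrs[index], measurement)
        self.event_log.append((index, description, measurement))
        return self.pcrs[index]


def vm_trusted_boot(vtpm: VTPM, components: list[tuple[str, bytes]]) -> list[bytes]:
    """Steps 320-345: each VM boot component is hashed before it is loaded and the
    hash is extended into vPCR_0 .. vPCR_7 in load order (eight levels)."""
    for level, (name, image) in enumerate(components):
        vtpm.extend_pcr(level, sha1(image), f"vm load {name}")
    return vtpm.pcrs[:ENV_PCR]


def hypervisor_record_host_config(vtpm: VTPM, passwd_contents: bytes) -> bytes:
    """Steps 355-370: the FSP hashes the host's /etc/passwd with SHA-1 and the
    hypervisor extends that hash into vPCR_8 (and again on every later change)."""
    return vtpm.extend_pcr(ENV_PCR, sha1(passwd_contents), "fsp /etc/passwd")


# Constructed sample data (not real images or password files).
BOOT_COMPONENTS = [(f"stage{i}", f"vm-boot-stage-{i}-image".encode()) for i in range(ENV_PCR)]
DEFAULT_PASSWD = b"root:x:0:0:root:/root:/bin/sh\n"
DEV_ENABLED_PASSWD = DEFAULT_PASSWD + b"dev:x:1000:1000:dev:/home/dev:/bin/sh\n"


def expected_pcr8(passwd_versions: list[bytes]) -> bytes:
    """What a verifier who knows the sequence of /etc/passwd versions expects vPCR_8
    to hold: the zero register extended with each version's SHA-1 in turn."""
    value = bytes(PCR_LEN)
    for contents in passwd_versions:
        value = extend(value, sha1(contents))
    return value


def run_host_side() -> dict:
    """Walk through Fig. 3 and return the observable register states."""
    vtpm = VTPM()
    boot_pcrs = vm_trusted_boot(vtpm, BOOT_COMPONENTS)
    pcr8_before = vtpm.pcrs[ENV_PCR]          # still zero: step 320 never touches it
    pcr8_default = hypervisor_record_host_config(vtpm, DEFAULT_PASSWD)
    # Step 370: the administrator enables the "dev" account, so the file changes
    # and vPCR_8 moves to a new but predictable value instead of being reset.
    pcr8_dev = hypervisor_record_host_config(vtpm, DEV_ENABLED_PASSWD)
    return {"boot_pcrs": boot_pcrs, "pcr8_before": pcr8_before,
            "pcr8_default": pcr8_default, "pcr8_dev": pcr8_dev,
            "event_log": vtpm.event_log}


if __name__ == "__main__":
    state = run_host_side()
    print("vPCR_8, default /etc/passwd :", state["pcr8_default"].hex())
    print("vPCR_8, dev account enabled  :", state["pcr8_dev"].hex())
```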
In step 405, control program 118 receives request, to carry out the remote proving to VM152.In step 410, control program 118 requests are to the visit of VM152.In step 415, between the Terminal Server Client 755 of the long-range pipe person device 735 of control program 118 and VM152 encrypted key exchange takes place, thereby guarantee that this control program 118 is authorized to visit VM152.
In step 420, VM 152 sends message 780 to control program 118. Message 780 comprises first value 782, corresponding to the values in PCR_0 to PCR_7; second value 784, for PCR_8 565; details 786 of the first event, corresponding to the startup of VM 152; and details 788 of the second event, corresponding to recording the value of the "/etc/passwd" file. In step 425, control program 118 receives message 780. In step 430, analyse component 715 analyses message 780 to determine first value 782, second value 784, first event details 786 and second event details 788. First and second values 782, 784 and first and second event details 786, 788 are stored in control program database 730. In step 435, replay component 710 uses first event details 786 to simulate the first event and establish a set 714 of PCR values corresponding to the simulated first event. Replay component 710 also uses second event details 788 to simulate the second event and establish PCR values 716 corresponding to the simulated second event.
A PCR value is unique to the set of events whose execution produced it. Simulating the same events always yields the same resulting set of PCR values. Simulating different events always yields a different resulting set of PCR values. Therefore, comparing the PCR results for two sets of events can be used to determine whether the events are identical. If the events are not identical, this can indicate that one set has been tampered with, and therefore that the system is untrusted.
In step 440, compare component 725 compares first value 782, received from VM 152 and corresponding to PCR_0 to PCR_7 of PCRs 555, with set 714 of PCR values. Compare component 725 also compares second value 784, received from VM 152 and corresponding to PCR_8 565 of PCRs 555, with set 716 of PCR values. In step 445, if set 712 of PCR values does not match expected first value 782, the system is untrusted and the method moves to step 470. In step 470, administrator 114 takes any action associated with an untrusted system, for example disabling VM 152.
Alternatively, if set 714 of PCR values matches expected first value 782, the system may be conditionally trusted, and the method moves to step 450. In step 450, second value 784 is measured. If second value 784 is zero, this indicates that no system value has been set; the system is trusted, and control passes to step 475. In step 475, the administrator takes any action associated with a trusted system, for example recording the result for audit purposes. If second value 784 is non-zero, this indicates that a system value has been set, and control passes to step 455.
In step 455, control program 118 loads requirement 720 and computes the corresponding secret value. In step 460, compare component 725 compares the secret value with second value 784. A match between the secret value and second value 784 indicates that system 150 complies with requirement 720. In step 465, if the secret value matches second value 784, requirement 720 is satisfied and control passes to step 480. In step 480, verify component 728 is invoked with VM 152 known to be in a compliant state; it allows verification of VM 152 in the trusted host environment, so that the SLA requirement is met, and performs any action associated with the compliant state of VM 152, such as, but not limited to, recording the result in an audit record. However, if the secret value does not match second value 784, requirement 720 is not satisfied and control passes to step 485. In step 485, verify component 728 is invoked with VM 152 known to be in a non-compliant state, and denies verification by performing the action associated with failing to meet the SLA requirement. For example, in step 485, if administrator 114 changes FSP 605 to enable the "dev" user account, but there is a requirement 720 that "dev" must be disabled for VM 152 to run, then action can be taken as a result of the remote attestation, for example disabling the "dev" user account. This takes place while VM 152 is running, so any attestation that is carried out shows that the FSP "dev" user has been enabled without VM 152 having been rebooted.
The method ends at step 499.
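The control-program side of steps 420 to 485, as an added example that is not code from the patent: the reported event log is replayed to recompute PCR_0 to PCR_7, the result is compared with the quoted values, and a non-zero PCR_8 is then checked against the value derived from requirement 720. SHA-256, the JSON encoding of the requirement and the event log contents are assumptions made for the example.

```python
"""Replay-based validation of a VM attestation message (steps 420-485).

Added example, not code from the patent. It models the control program:
replay the reported event log to recompute PCR_0..PCR_7, compare with the
reported values, then interpret PCR_8 (the vPCR carrying the hypervisor's
"system value") against a requirement. SHA-256 and the JSON encoding of the
requirement are assumptions; the patent fixes neither a hash nor a format.
"""
import hashlib
import json

PCR_LEN = 32                      # assumption: SHA-256 sized registers
ZERO_PCR = b"\x00" * PCR_LEN


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(events):
    """Recompute PCR values from an event log of (pcr_index, event_bytes).

    Each event is measured (hashed) and extended into its register, starting
    from all zeros, so the same events in the same order always reproduce
    the same PCR values and any other events produce different ones.
    """
    pcrs = {}
    for index, data in events:
        digest = hashlib.sha256(data).digest()
        pcrs[index] = extend(pcrs.get(index, ZERO_PCR), digest)
    return pcrs


def system_value(config: dict) -> bytes:
    """Value the hypervisor extends into PCR_8 for the host configuration.

    Assumption: the configuration is serialised canonically, hashed and
    extended once into a zeroed register. The control program computes the
    same thing from requirement 720 to obtain the "secret value" (step 455).
    """
    canonical = json.dumps(config, sort_keys=True).encode()
    return extend(ZERO_PCR, hashlib.sha256(canonical).digest())


def validate(message: dict, requirement: dict) -> str:
    """Return the outcome step the control program reaches for a message.

    message keys (constructed for this example):
      "pcr_0_7": {index: value} reported for PCR_0..PCR_7  (first value 782)
      "pcr_8":   value reported for PCR_8                  (second value 784)
      "events":  event log behind PCR_0..PCR_7             (event details 786)
    """
    # Steps 435-445: replay the boot event log and compare with the quote.
    if replay(message["events"]) != message["pcr_0_7"]:
        return "step 470: untrusted (event log does not reproduce PCR_0..7)"
    # Step 450: a zero PCR_8 means no system value was ever recorded.
    if message["pcr_8"] == ZERO_PCR:
        return "step 475: trusted, no system value set"
    # Steps 455-465: derive the expected value from the requirement.
    if message["pcr_8"] == system_value(requirement):
        return "step 480: verified, requirement satisfied"
    return "step 485: verification denied, requirement not satisfied"


# --- constructed sample data ------------------------------------------------
BOOT_EVENTS = [                   # stand-in for first event details 786
    (0, b"firmware image v1"),
    (4, b"bootloader"),
    (7, b"kernel vmlinuz"),
    (7, b"initrd"),
]
REQUIREMENT = {"user_accounts": {"dev": "disabled"}}     # requirement 720


def make_message(events, host_config, record_system_value=True):
    """Build the message a VM with a vTPM would send (steps 420-425)."""
    pcr_8 = system_value(host_config) if record_system_value else ZERO_PCR
    return {"pcr_0_7": replay(events), "pcr_8": pcr_8, "events": events}


if __name__ == "__main__":
    ok = make_message(BOOT_EVENTS, REQUIREMENT)
    print(validate(ok, REQUIREMENT))
    dev_on = make_message(BOOT_EVENTS, {"user_accounts": {"dev": "enabled"}})
    print(validate(dev_on, REQUIREMENT))
    # A log that omits an event cannot reproduce the quoted registers.
    print(validate(dict(ok, events=BOOT_EVENTS[:-1]), REQUIREMENT))
```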
In an alternative embodiment, further environment and configuration items are measured and reported for remote attestation via vPCRs 555.
In an alternative embodiment, hypervisor 645 reports more than just the user accounts of the underlying system. Useful items that can be measured include the actual configuration of the hardware (for example, the central processing unit (CPU) identification number (ID), type and speed, the memory size, and the hardware serial number).
In an alternative embodiment, hypervisor 645 reports the version or patch level, which can, for example, demonstrate that certain security maintenance has been applied.
In an alternative embodiment of the invention, the method is maintained and updated by a system translator as in the system architecture described in Fig. 2, the vTPM, rather than being undertaken by the hypervisor, or it is carried out in combination with the hypervisor.
In a preferred embodiment of the invention, the method can also be used when VMs 152, 156 are migrated from first server 150 to second server 160. After the migration of VMs 152, 156 (and of vTPM 655 of the migrated VMs 152, 156), hypervisor 645 running on second server 160 extends PCR_8 565 with the system value from second server 160.
In a preferred embodiment, hypervisor 645 acts as the store component, cryptographically storing the configuration data associated with the trusted host environment in at least one cryptographic data structure. In an alternative embodiment, the store component comprises a further component outside VM 152 that communicates with VM 152 to store the configuration data in PCRs 555 of vTPM 655 of VM 152.
Aspects of the present invention have been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in one or more blocks of the flowchart and/or block diagram.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, microcode, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit", "module" or "system". Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer readable media may be used. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fibre, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate or transport a program for use by or in connection with an instruction execution system, apparatus or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fibre cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
For the avoidance of doubt, the term "comprising", as used herein throughout the description and claims, is not to be construed as meaning "consisting only of".
Claims (16)
1. A system for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the system comprising:
a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure;
a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component;
an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure;
a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and
a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM in the trusted host environment.
2. The system of claim 1, wherein the verify component, responsive to the compare component determining that the configuration data does not match the requirement, is further operable to deny verification of the VM in the trusted host environment.
3. The system of any preceding claim, wherein the store component is a hypervisor.
4. The system of any preceding claim, wherein the store component is in communication with the VM.
5. The system of any preceding claim, wherein the at least one cryptographic data structure is at least one platform configuration register (PCR).
6. The system of any preceding claim, wherein the at least one cryptographic data structure is associated with a further trusted host environment of the VM.
7. The system of any preceding claim, wherein the trusted host environment comprises a trusted platform module.
8. The system of any preceding claim, wherein the system further comprises a first server comprising the trusted host environment and a second server comprising the control component.
9. A method for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the method comprising the steps of:
cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure;
responsive to the step of storing the configuration data, sending the at least one cryptographic data structure to a control component;
responsive to the step of receiving the at least one cryptographic data structure, analysing the at least one cryptographic data structure;
responsive to the step of determining the configuration data, comparing the configuration data with the requirement; and
responsive to the step of determining that the configuration data matches the requirement, allowing verification of the VM in the trusted host environment.
10. The method of claim 9, wherein the method further comprises, responsive to the step of determining that the configuration data does not match the requirement, denying verification of the VM in the trusted host environment.
11. The method of any of claims 9 and 10, wherein the step of cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure comprises the step of cryptographically storing the configuration data associated with the trusted host environment in at least one platform configuration register (PCR).
12. The method of any of claims 9 to 11, wherein the method further comprises the step of associating the at least one cryptographic data structure with a further trusted host environment of the VM.
13. The method of any of claims 9 to 12, wherein the trusted host environment comprises a trusted platform module.
14. The method of any of claims 9 to 13, further comprising the steps of providing a first server comprising the trusted host environment and providing a second server comprising the control component.
15. A computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM), the computer program product comprising:
a computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing the method of any of claims 9 to 14.
16. A computer program stored on a computer readable medium and loadable into the internal memory of a digital computer, comprising software code portions for performing the method of any of claims 9 to 14 when said program is run on a computer.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10196282.7 | 2010-12-21 | ||
EP10196282 | 2010-12-21 | ||
PCT/EP2011/073259 WO2012084837A1 (en) | 2010-12-21 | 2011-12-19 | Virtual machine validation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103270518A true CN103270518A (en) | 2013-08-28 |
CN103270518B CN103270518B (en) | 2016-01-20 |
Family
ID=45406749
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201180061838.6A Active CN103270518B (en) | 2010-12-21 | 2011-12-19 | Virtual machine verification system and method thereof |
Country Status (7)
Country | Link |
---|---|
US (1) | US9081600B2 (en) |
JP (1) | JP5957004B2 (en) |
CN (1) | CN103270518B (en) |
DE (1) | DE112011104496T5 (en) |
GB (1) | GB2501205A (en) |
TW (1) | TW201241662A (en) |
WO (1) | WO2012084837A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104982005A (en) * | 2013-01-22 | 2015-10-14 | Amazon Technologies, Inc. | Privileged cryptographic services in virtualized environment |
CN106406970A (en) * | 2015-07-29 | 2017-02-15 | Robert Bosch GmbH | Method and device for securing the application programming interface of a hypervisor |
CN106687980A (en) * | 2014-09-17 | 2017-05-17 | International Business Machines Corporation | Hypervisor and virtual machine protection |
CN107466464A (en) * | 2014-12-23 | 2017-12-12 | McAfee, LLC | Input validation |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103124973B (en) | 2010-09-22 | 2015-09-30 | International Business Machines Corporation | The use of interactive component during proving bootup process |
US8869264B2 (en) | 2010-10-01 | 2014-10-21 | International Business Machines Corporation | Attesting a component of a system during a boot process |
DE112011103048B4 (en) * | 2010-11-18 | 2021-12-23 | International Business Machines Corporation | A method of authenticating a variety of data processing systems |
TW201241662A (en) * | 2010-12-21 | 2012-10-16 | Ibm | Virtual machine validation |
JP5932837B2 (en) * | 2011-01-19 | 2016-06-08 | International Business Machines Corporation | Method and system for updating and authenticating code, method and system for testing program integrity |
US8954964B2 (en) * | 2012-02-27 | 2015-02-10 | Ca, Inc. | System and method for isolated virtual image and appliance communication within a cloud environment |
US9471355B2 (en) | 2012-07-31 | 2016-10-18 | Hewlett-Packard Development Company, L.P. | Secure operations for virtual machines |
US20140075522A1 (en) * | 2012-09-07 | 2014-03-13 | Red Hat, Inc. | Reliable verification of hypervisor integrity |
US10579405B1 (en) * | 2013-03-13 | 2020-03-03 | Amazon Technologies, Inc. | Parallel virtual machine managers |
US9367339B2 (en) * | 2013-07-01 | 2016-06-14 | Amazon Technologies, Inc. | Cryptographically attested resources for hosting virtual machines |
US9384006B2 (en) | 2013-10-11 | 2016-07-05 | Globalfoundries Inc. | Apparatus and methods for automatically reflecting changes to a computing solution into an image for the computing solution |
US10031761B2 (en) * | 2013-10-11 | 2018-07-24 | International Business Machines Corporation | Pluggable cloud enablement boot device and method |
US9354894B2 (en) | 2013-10-11 | 2016-05-31 | International Business Machines Corporation | Pluggable cloud enablement boot device and method that determines hardware resources via firmware |
CN104717235B (en) * | 2013-12-11 | 2018-01-02 | Information Technology Center of the Ministry of Railways | A kind of resources of virtual machine detection method |
US9519498B2 (en) | 2013-12-24 | 2016-12-13 | Microsoft Technology Licensing, Llc | Virtual machine assurances |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US9584317B2 (en) | 2014-10-13 | 2017-02-28 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US10229272B2 (en) | 2014-10-13 | 2019-03-12 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US9519787B2 (en) | 2014-11-14 | 2016-12-13 | Microsoft Technology Licensing, Llc | Secure creation of encrypted virtual machines from encrypted templates |
US10068092B2 (en) * | 2015-01-21 | 2018-09-04 | Microsoft Technology Licensing, Llc | Upgrading a secure boot policy on a virtual machine |
CN107533478A (en) * | 2015-07-31 | 2018-01-02 | Hewlett Packard Enterprise Development LP | The migration of computer system |
US9471367B1 (en) * | 2015-12-08 | 2016-10-18 | International Business Machines Corporation | Virtual machine usage data collection using securely loaded virtual firmware |
CN107533594B (en) | 2016-01-21 | 2021-01-26 | Hewlett Packard Enterprise Development LP | Method for verifying software, safety software system and readable storage medium |
EP3465434A1 (en) * | 2016-06-16 | 2019-04-10 | Google LLC | Secure configuration of cloud computing nodes |
US11354421B2 (en) | 2019-03-08 | 2022-06-07 | International Business Machines Corporation | Secure execution guest owner controls for secure interface control |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101071463A (en) * | 2007-06-08 | 2007-11-14 | Beijing Feitian Technologies Co., Ltd. | Method and device for virtualizing personal office environment |
US20080244569A1 (en) * | 2007-03-30 | 2008-10-02 | David Carroll Challener | System and Method for Reporting the Trusted State of a Virtual Machine |
WO2009051471A2 (en) * | 2007-09-20 | 2009-04-23 | Mimos Berhad | Trusted computer platform method and system without trust credential |
Family Cites Families (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5237668A (en) * | 1989-10-20 | 1993-08-17 | International Business Machines Corporation | Process using virtual addressing in a non-privileged instruction to control the copying of a page of data in or between multiple media |
US7219315B1 (en) * | 2003-09-22 | 2007-05-15 | Tenison Technology Eda Limited | Comparison of semiconductor circuitry simulations |
US7165201B2 (en) * | 2003-09-25 | 2007-01-16 | Hitachi Global Storage Technologies Netherlands B.V. | Method for performing testing of a simulated storage device within a testing simulation environment |
US7340661B2 (en) * | 2003-09-25 | 2008-03-04 | Hitachi Global Storage Technologies Netherlands B.V. | Computer program product for performing testing of a simulated storage device within a testing simulation environment |
US20050154573A1 (en) * | 2004-01-08 | 2005-07-14 | Maly John W. | Systems and methods for initializing a lockstep mode test case simulation of a multi-core processor design |
US7664965B2 (en) * | 2004-04-29 | 2010-02-16 | International Business Machines Corporation | Method and system for bootstrapping a trusted server having redundant trusted platform modules |
GB2424092A (en) * | 2005-03-11 | 2006-09-13 | Transitive Ltd | Switching between code translation and execution using a trampoline |
US9785485B2 (en) * | 2005-07-27 | 2017-10-10 | Intel Corporation | Virtualization event processing in a layered virtualization architecture |
US7356725B2 (en) * | 2005-09-09 | 2008-04-08 | International Business Machines Corporation | Method and apparatus for adjusting a time of day clock without adjusting the stepping rate of an oscillator |
US8015408B2 (en) * | 2006-09-14 | 2011-09-06 | Interdigital Technology Corporation | Trust evaluation for a mobile software agent on a trusted computing platform |
US8612971B1 (en) * | 2006-10-17 | 2013-12-17 | Manageiq, Inc. | Automatic optimization for virtual systems |
US8127292B1 (en) * | 2007-06-22 | 2012-02-28 | Parallels Holdings, Ltd. | Virtualization system with hypervisor embedded in bios or using extensible firmware interface |
US8259948B2 (en) * | 2007-12-29 | 2012-09-04 | Intel Corporation | Virtual TPM key migration using hardware keys |
US8032942B2 (en) * | 2007-12-31 | 2011-10-04 | Intel Corporation | Configuration of virtual trusted platform module |
US8165864B2 (en) * | 2008-02-08 | 2012-04-24 | International Business Machines Corporation | Method, system and computer program product for verifying address generation, interlocks and bypasses |
WO2009107349A1 (en) * | 2008-02-25 | 2009-09-03 | Panasonic Corporation | Information processing device |
US20100083251A1 (en) * | 2008-09-12 | 2010-04-01 | Hyper9, Inc. | Techniques For Identifying And Comparing Virtual Machines In A Virtual Machine System |
US20100107160A1 (en) * | 2008-10-29 | 2010-04-29 | Novell, Inc. | Protecting computing assets with virtualization |
US8751654B2 (en) * | 2008-11-30 | 2014-06-10 | Red Hat Israel, Ltd. | Determining the graphic load of a virtual desktop |
US7904540B2 (en) * | 2009-03-24 | 2011-03-08 | International Business Machines Corporation | System and method for deploying virtual machines in a computing environment |
US8336050B2 (en) * | 2009-08-31 | 2012-12-18 | Red Hat, Inc. | Shared memory inter-process communication of virtual machines using virtual synchrony |
US8631404B2 (en) * | 2010-02-18 | 2014-01-14 | Red Hat Israel, Ltd. | Mechanism for downloading hypervisor updates via a virtual hardware device using existing virtual machine-host channels |
US8893092B1 (en) * | 2010-03-12 | 2014-11-18 | F5 Networks, Inc. | Using hints to direct the exploration of interleavings in a multithreaded program |
US8812871B2 (en) * | 2010-05-27 | 2014-08-19 | Cisco Technology, Inc. | Method and apparatus for trusted execution in infrastructure as a service cloud environments |
US8856504B2 (en) * | 2010-06-07 | 2014-10-07 | Cisco Technology, Inc. | Secure virtual machine bootstrap in untrusted cloud infrastructures |
US8468007B1 (en) * | 2010-08-13 | 2013-06-18 | Google Inc. | Emulating a peripheral mass storage device with a portable device |
US20120054486A1 (en) * | 2010-08-31 | 2012-03-01 | MindTree Limited | Securing A Virtual Environment And Virtual Machines |
US8869264B2 (en) * | 2010-10-01 | 2014-10-21 | International Business Machines Corporation | Attesting a component of a system during a boot process |
US8819225B2 (en) * | 2010-11-15 | 2014-08-26 | George Mason Research Foundation, Inc. | Hardware-assisted integrity monitor |
US20120131334A1 (en) * | 2010-11-18 | 2012-05-24 | International Business Machines Corporation | Method for Attesting a Plurality of Data Processing Systems |
US20120151209A1 (en) * | 2010-12-09 | 2012-06-14 | Bae Systems National Security Solutions Inc. | Multilevel security server framework |
US10203974B2 (en) * | 2010-12-20 | 2019-02-12 | Microsoft Technology Licensing, Llc | Probe insertion via background virtual machine |
TW201241662A (en) * | 2010-12-21 | 2012-10-16 | Ibm | Virtual machine validation |
US9612855B2 (en) * | 2011-01-10 | 2017-04-04 | International Business Machines Corporation | Virtual machine migration based on the consent by the second virtual machine running of the target host |
US9178833B2 (en) * | 2011-10-25 | 2015-11-03 | Nicira, Inc. | Chassis controller |
US9015025B2 (en) * | 2011-10-31 | 2015-04-21 | International Business Machines Corporation | Verifying processor-sparing functionality in a simulation environment |
US20130117006A1 (en) * | 2011-11-07 | 2013-05-09 | Microsoft Corporation | Simulated boot process to detect introduction of unauthorized information |
US9229524B2 (en) * | 2012-06-27 | 2016-01-05 | Intel Corporation | Performing local power gating in a processor |
KR20140134451A (en) * | 2013-05-14 | 2014-11-24 | Electronics and Telecommunications Research Institute | Test environment setting apparatus and, method for network simulation apparatus using the same |
US9407580B2 (en) * | 2013-07-12 | 2016-08-02 | Nicira, Inc. | Maintaining data stored with a packet |
US9785454B2 (en) * | 2013-07-25 | 2017-10-10 | Login VSI B.V. | Virtual session benchmarking tool for measuring performance and/or scalability of centralized desktop environments |
2011
- 2011-11-07 TW TW100140610A patent/TW201241662A/en unknown
- 2011-12-19 CN CN201180061838.6A patent/CN103270518B/en active Active
- 2011-12-19 JP JP2013545273A patent/JP5957004B2/en active Active
- 2011-12-19 GB GB1312923.4A patent/GB2501205A/en not_active Withdrawn
- 2011-12-19 DE DE112011104496T patent/DE112011104496T5/en active Pending
- 2011-12-19 US US13/995,814 patent/US9081600B2/en active Active
- 2011-12-19 WO PCT/EP2011/073259 patent/WO2012084837A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080244569A1 (en) * | 2007-03-30 | 2008-10-02 | David Carroll Challener | System and Method for Reporting the Trusted State of a Virtual Machine |
CN101071463A (en) * | 2007-06-08 | 2007-11-14 | Beijing Feitian Technologies Co., Ltd. | Method and device for virtualizing personal office environment |
WO2009051471A2 (en) * | 2007-09-20 | 2009-04-23 | Mimos Berhad | Trusted computer platform method and system without trust credential |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104982005A (en) * | 2013-01-22 | 2015-10-14 | Amazon Technologies, Inc. | Privileged cryptographic services in virtualized environment |
CN106687980A (en) * | 2014-09-17 | 2017-05-17 | International Business Machines Corporation | Hypervisor and virtual machine protection |
US10409978B2 (en) | 2014-09-17 | 2019-09-10 | International Business Machines Corporation | Hypervisor and virtual machine protection |
CN106687980B (en) * | 2014-09-17 | 2019-10-11 | International Business Machines Corporation | Management program and virtual machine protection |
CN107466464A (en) * | 2014-12-23 | 2017-12-12 | McAfee, LLC | Input validation |
CN106406970A (en) * | 2015-07-29 | 2017-02-15 | Robert Bosch GmbH | Method and device for securing the application programming interface of a hypervisor |
Also Published As
Publication number | Publication date |
---|---|
JP2014505924A (en) | 2014-03-06 |
US9081600B2 (en) | 2015-07-14 |
WO2012084837A1 (en) | 2012-06-28 |
JP5957004B2 (en) | 2016-07-27 |
CN103270518B (en) | 2016-01-20 |
US20140025961A1 (en) | 2014-01-23 |
GB201312923D0 (en) | 2013-09-04 |
GB2501205A (en) | 2013-10-16 |
DE112011104496T5 (en) | 2013-10-17 |
TW201241662A (en) | 2012-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103270518B (en) | Virtual machine verification system and method thereof | |
US9501665B2 (en) | Method and apparatus for remotely provisioning software-based security coprocessors | |
KR100930218B1 (en) | Method, apparatus and processing system for providing a software-based security coprocessor | |
US8074262B2 (en) | Method and apparatus for migrating virtual trusted platform modules | |
KR101662618B1 (en) | Measuring platform components with a single trusted platform module | |
US7571312B2 (en) | Methods and apparatus for generating endorsement credentials for software-based security coprocessors | |
US7636442B2 (en) | Method and apparatus for migrating software-based security coprocessors | |
CN1997955B (en) | Method and apparatus for providing secure virtualization of a trusted platform module | |
CN101523401B (en) | Secure use of user secrets on a computing platform | |
US20070016801A1 (en) | Method, apparatus, and product for establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform | |
CN109669734A (en) | Method and apparatus for starting device | |
CN104871174A (en) | Boot mechanisms for 'bring your own' management | |
US20230106491A1 (en) | Security dominion of computing device | |
Petrlic | Integrity protection for automated teller machines | |
Qiu et al. | Integrity Measurement Model Based on Trusted Virtual Platform | |
CN114661411A (en) | Provisioning secure/encrypted virtual machines in cloud infrastructure | |
Kursawe | The future of trusted computing: An outlook |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |